Fortinet FortiGate FortiGate-1000A Administration Manual page 207


Firewall
Policy
FortiGate-1000A/FA2 Administration Guide, 01-28011-0254-20051115

Schedule
Select a schedule that controls when the policy is available to be matched with connections. See "Schedule" on page 226.

Service
Select the name of a service or service group that matches the service or protocol of the packets to be matched with this policy. You can select from a wide range of predefined services or add custom services and service groups. See "Service" on page 218.

Action
Select how you want the firewall to respond when the policy matches a connection attempt.

    ACCEPT
    Accept connections matched by the policy. You can also configure NAT, protection profiles, log traffic, traffic shaping, authentication, and differentiated services. You can also add a comment to the policy.

    DENY
    Select deny to reject connections matched by the policy. The only other policy options that you can configure are log traffic (to log the connections denied by this policy) and differentiated services. You can also add a comment to the policy.

    ENCRYPT
    Select encrypt to make this policy an IPSec VPN policy. An IPSec VPN policy causes the FortiGate unit to accept IPSec packets. When encrypt is selected, the VPN Tunnel Options appear. You can also configure protection profiles, log traffic, traffic shaping, and differentiated services. You can also add a comment to the policy. You cannot configure NAT or add authentication to an encrypt policy. For more information, see "Adding firewall policies for IPSec VPN tunnels" on page 284.

VPN Tunnel
Select a VPN tunnel for an ENCRYPT policy. You can select an AutoIKE key or Manual Key tunnel.

    Allow Inbound
    Select to enable traffic from a dialup client or computers on the remote private network to initiate the tunnel.

    Allow outbound
    Select to enable traffic from computers on the local private network to initiate the tunnel.

    Inbound NAT
    Select to translate the source IP addresses of inbound decrypted packets into the IP address of the FortiGate interface to the local private network.

    Outbound NAT
    Select in combination with a natip CLI value to translate the source addresses of outbound cleartext packets into the IP address that you specify. Do not select Outbound NAT unless you specify a natip value through the CLI. When a natip value is specified, the source addresses of outbound IP packets are replaced before the packets are sent through the tunnel. For more information, see the "firewall" chapter of the FortiGate CLI Reference.
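
The option rules above can be checked mechanically during a policy review. The following is an added example, not part of the Fortinet manual: it audits constructed policy records against the combinations this page allows for each action. The record layout and field names (nat, authentication, outbound_nat and so on) are hypothetical and are not FortiGate CLI keywords; only natip is a name taken from the page.

```python
# Added example: audits policy records against the option rules on this page.
# Field names are hypothetical, not FortiGate CLI keywords (except natip).

META = {"id", "action", "comment", "schedule", "service"}  # allowed on any policy

# Options this page lists as configurable for each action.
ALLOWED = {
    "ACCEPT": {"nat", "protection_profile", "log_traffic", "traffic_shaping",
               "authentication", "diffserv"},
    "DENY": {"log_traffic", "diffserv"},
    "ENCRYPT": {"protection_profile", "log_traffic", "traffic_shaping",
                "diffserv", "vpn_tunnel", "allow_inbound", "allow_outbound",
                "inbound_nat", "outbound_nat", "natip"},
}

def audit_policy(policy):
    """Return a list of findings (strings) for one policy record."""
    action = policy.get("action")
    if action not in ALLOWED:
        return [f"unknown action {action!r}"]
    # Every option that is switched on or has a value, minus the metadata.
    enabled = {k for k, v in policy.items() if v and k not in META}
    findings = [f"{opt} is not listed for {action} policies"
                for opt in sorted(enabled - ALLOWED[action])]
    if action == "ENCRYPT":
        if not policy.get("vpn_tunnel"):
            findings.append("no VPN tunnel selected")
        if policy.get("outbound_nat") and not policy.get("natip"):
            findings.append("Outbound NAT selected without a natip value")
        if not (policy.get("allow_inbound") or policy.get("allow_outbound")):
            findings.append("neither Allow Inbound nor Allow outbound selected")
    return findings

# Constructed sample records, for illustration only.
SAMPLE_POLICIES = [
    {"id": 1, "action": "ACCEPT", "nat": True, "authentication": True,
     "log_traffic": True},
    {"id": 2, "action": "DENY", "log_traffic": True, "traffic_shaping": True},
    {"id": 3, "action": "ENCRYPT", "vpn_tunnel": "tunnel_a",
     "allow_inbound": True, "outbound_nat": True, "authentication": True},
]

if __name__ == "__main__":
    for p in SAMPLE_POLICIES:
        for finding in audit_policy(p) or ["ok"]:
            print(f"policy {p['id']}: {finding}")
```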
